@sakuraime You should use DefaultAzureCredential().
string keyVaultUri = "<your_keyvault_uri>";
string secretName = "<your_secret_name>";
var client = new SecretClient(vaultUri: keyVaultUri, credential: new DefaultAzureCredential());
var secret = await client.GetSecretAsync(secretName);
While running the code on your local development machine, it picks the credentials of the user logged into Visual Studio and when deployed to Azure, it picks the credentials of the managed identity.
More on that topic is here
The user running the app and the managed identity will need Key Vault Reader role on Azure KeyVault.
Please let us know if you have any further questions.
----------
If an answer is helpful, please click on or upvote which might help other community members reading this thread.